A currently ongoing malware campaign is impersonating the United Parcel Service (UPS) in an attempt to trick users into executing the malicious UPS_Document.zip attachment.
Sample attachments: UPS_Document.zip
Sample subject: United Parcel Service notification
Sample message:Good morning Parcel notification, The parcel was sent your home adress. And it will arrive within 3 buisness days. More information and the parcel tracking number are attached in document below. Thank you
United Parcel Service of America (c) 153 James Street, Suite100, Long Beach CA, 90000
Upon execution the malware sample downloads scareware variant detected as Mal/FakeAV-LI. Users are advised to pay extra attention when interacting with suspicious emails.
- Spamvertised United Parcel Service notifications lead to malware
- Spamvertised Post Office Express Mail (USPS) emails lead to malware
- Spamvertised "Reqest Rejected" campaign leads to scareware
- Spamvertised 'Facebook. Your password has been changed!' emails lead to malware